Password Safe – Tidy Up and Secure Your Passwords

These days we seem to have a password for everything – email, online banking, Ebay, Amazon, Facebook, Skype, online tax payments, you name it! How are we supposed to keep track of all these passwords? In the past, I would write all of my passwords on a sheet of paper. Well, make that multiple sheets of paper.

Have you ever experienced the frustration of forgetting a user name or password? Sometimes I would visit a web site that I hadn’t been to for a long time and I would forget the user name and password I created for it. So I would end up searching in file folders and old boxes trying to find the sheet that had written it on! Thankfully, I don’t have to do that anymore. Instead, I use a free program called Password Safe to keep my passwords secure and organized.

In this post I will show you how to install Password Safe, add your passwords to it, and retrieve your passwords from it. You may want to print out these instructions so that you do not have to keep referring back to this web page.

INSTALLATION

The first step in the installation process is to obtain the installation file from SourceForge. You can do so by clicking here. Note: Clicking this link will open a new window.

If you use Mozilla Firefox you will be presented with a download window. Click the “Save File” button. Firefox should save the file to your Desktop unless you’ve configured it otherwise.

If you use Internet Explorer 7 you will see a yellow bar appear at the top of the page. Click it and select “Download File”. You will then be presented with the Internet Explorer download dialog box. Click the “Run” button on this window.

If you’ve saved the installation file to your Desktop with Firefox, go to your desktop now and double-click the file to start the installation process. Otherwise, Internet Explorer will start the installation automatically after you click “Run”. With Internet Explorer, you may receive a message that the publisher has not been verified. Click the “Run” button to continue the installation. If you have Windows Vista you’ll be asked to “continue” or “cancel” by the User Account Control. Select continue.

The installation is quite simple. The default settings are usually sufficient. The steps to complete installation are below.

Read the licence agreement and, if you choose, agree to it.

Select regular installation. Only select green if you want a portable installation (not covered in this tutorial).

Select whether or not you want Password Safe to start automatically when Windows loads and if you want a desktop and start menu icon. I recommend leaving everything checked.

Click install.

Click close.

CREATE A NEW PASSWORD DATABASE

That’s it! Password Safe has now been installed. The next step is to open it and create a new database where all your passwords will be stored. To open Password Safe double-click the new icon on your desktop or find it in your start menu. You will be presented with the login screen. Unless you already have a password database, you will have to create a new one. To do this, click on the “New Database” button.

You should now see the file explorer window. The default name for the database is “pwsafe.psafe3” and the recommended location to save the file is under “My Documents”. Unless you know what you’re doing and you want to change either the name and/or location of the database, just click the “Save” button.

Now you will be asked to create the safe combination or “Master Password”. This password will be used to encrypt all your other passwords. It’s the password used to unlock all your passwords when you open Password Safe. I suggest using a strong password here. Include upper case, lower case, numbers, and punctuation. But make sure you don’t forget it! This is the only password that you should write down and store in a safe location. IF YOU FORGET THIS PASSWORD YOU WILL LOSE ACCESS TO ALL YOUR OTHER PASSWORDS.

Here’s an example of a random password that’s difficult to guess: fQ3411a%$#sLw

You will have to type the password in twice for verification. Then click “OK”.

If you aren’t concerned about the privacy of your passwords, you can create a simple master password. However, if you feel that your computer could be compromised by hackers or distressed teenagers then you should choose a longer and more random password that’s difficult to guess. If you choose a password that includes words from the dictionary it can easily be “cracked” by a hacker if they gain access to your computer and file system.

If you choose to use a simple password, you will see the following warning:

Only click “Yes” if you aren’t concerned about strongly securing your passwords.

ADDING PASSWORDS

Now it’s time to start adding your various passwords to the database. Follow these steps for each password you wish to add. To add a new password to your database click on Edit and select “Add Entry” (Or press Ctrl+A).

You’ll then be asked to enter information about your password. The two mandatory fields that you must fill out are “Title” and “Password”. Entering a Group, Username, Notes, and URL are all optional. In the following example I will enter my (hypothetical) Gmail account information:

Group: We haven’t created any groups yet so this field will initially be blank. I plan on adding my Hotmail and Yahoo email accounts later so I create a group called “Email”. However, you could leave the Group field blank if the password you are entering doesn’t fall under a specific category.

Title: This is how the password will be identified in the database. In this case, I just called it “Gmail”.

Username: In this example my username is johnsmith because my (hypothetical) email address is johnsmith@gmail.com

Password: Type in the password for your account here and confirm it in the box below. Click the “Generate” button to have the program generate a strong random password for you. Note: If you’d like to see what you are typing into the password field or what the random password generator created, click the “Show” button.

Notes: Add any descriptive information here that would help you to identify the account.

URL: Here you can add the address of the web site where you use this particular username and password. In this case it’s http://mail.google.com

Click the “Ok” button to save your password. You will now see a new entry in your Password Safe.

Note: For extra security you can set the password to expire after a certain number of days. To do so, under “Advanced”, click the “Set” button (In the newest version of password safe, v3.16, the set button is in the Edit Entry window). In this example you will be forced to change the password every sixty days.

After you’ve completed entering all your passwords, close Password Safe. Notice that it continues to run on your computer in the system tray at the bottom right corner of your screen. You can re-open Password Safe by double-clicking its icon in the system tray. If the icon is colored red that means your session is still open and you won’t have to re-enter the master password.

After a certain period of time (five minutes by default), your session will time out and the icon will become green. Now if you double click the icon, you will be asked for the master password.

Password Safe will start automatically when your computer starts. It’s always accessible via the system tray if you need to add a new password or retrieve one from the database.

ACCESSING PASSWORDS

So now it’s six months later and I decide to check my dusty Gmail account for new mail. But I can’t for the life of me remember what my username and password is! So I open up Password Safe by double-clicking the icon in my system tray. After I enter the master password I’m shown the collection of passwords I’ve created over the past six months. Under the email group is my Gmail account. Beside Gmail, I can see that my user name is “johnsmith”. I double click on the entry and it copies the password to the clipboard.

Note: The clipboard is an area of memory in your computer that stores temporary information. It’s used any time you “copy” and “paste” text or images.

Now I go to Gmail, enter my username johnsmith, right-click in the password field and select “paste” to copy the contents of the clipboard.

And now I’m in my Gmail account thanks to Password Safe’s secure storage.

You won’t actually see the password using the above method. It will be displayed as asterisks (*****). If you want to know what the password is, go back into Password Safe, right click on the Gmail entry, and select “edit entry”. In the window that pops up, click on the “Show” button to display the password.

CONCLUSION

Password Safe is free software that you can use to securely store and organize your passwords. The installation is a breeze and the program requires very little hard drive space or memory. After you start using it you’ll never go back to writing your passwords down on paper.

You should backup your password database file frequently in case your hard drive fails. To do so, copy the pswd.psafe3 file (stored in “My Documents” by default) to a CD-R or USB thumb drive. You can use Allway Sync to keep your database synchronized with an external backup device.

Also, make sure you don’t forget your master password. Write it down if you must and store it in a secure location.